Fix the xpdf security issue described at

http://vuxml.FreeBSD.org/24eee285-09c7-11da-bc08-0001020eed82.html.

Reported by:	simon
Obtained from:	graphics/xpdf
Approved by:	portmgr (implicit)

2 files changed, 31 insertions, 1 deletions

diff --git a/graphics/gpdf/Makefile b/graphics/gpdf/Makefile
index c244558197c6..bd5b8f9578ae 100644
--- a/graphics/gpdf/Makefile
+++ b/graphics/gpdf/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	gpdf
 PORTVERSION=	2.10.0
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	graphics print gnome
 MASTER_SITES=	${MASTER_SITE_GNOME}
 MASTER_SITE_SUBDIR=	sources/${PORTNAME}/2.10
diff --git a/graphics/gpdf/files/patch-security2 b/graphics/gpdf/files/patch-security2
new file mode 100644
index 000000000000..636f2297a95c
--- /dev/null
+++ b/graphics/gpdf/files/patch-security2
@@ -0,0 +1,30 @@
+--- fofi/FoFiTrueType.cc.orig	Thu Jan 22 02:26:44 2004
++++ fofi/FoFiTrueType.cc	Thu Aug 11 16:55:52 2005
+@@ -1343,6 +1343,27 @@
+     return;
+   }
+ 
++  // make sure the loca table is sane (correct length and entries are
++  // in bounds)
++  i = seekTable("loca");
++  if (tables[i].len < (nGlyphs + 1) * (locaFmt ? 4 : 2)) {
++    parsedOk = gFalse;
++    return;
++  }
++  for (j = 0; j <= nGlyphs; ++j) {
++    if (locaFmt) {
++      pos = (int)getU32BE(tables[i].offset + j*4, &parsedOk);
++    } else {
++      pos = getU16BE(tables[i].offset + j*2, &parsedOk);
++    }
++    if (pos < 0 || pos > len) {
++      parsedOk = gFalse;
++    }
++  }
++  if (!parsedOk) {
++    return;
++  }
++
+   // read the post table
+   readPostTable();
+   if (!parsedOk) {